<?php
// SomeryC, a webcomic script by Zachary Weston Lewis
// Based on Somery by Robin de Graaf
// Copyright 2005-2006
// SomeryC is distributed under the Artistic License (see LICENSE.txt)
//
// ADMIN/COMICS.PHP > 31-08-2007

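// Admin page for comics, their articles and comments. All request parameters
// arrive as plain globals (the script relies on register_globals: $action, $id,
// $aid, $coid, $title, $posttime, ... are never read from $_GET/$_POST here) and
// $checkauth, $userdata, $prefix, $uploadDirectory, $directoryURL, $error and the
// helpers debbcode()/cleanstring()/loadsettings()/loadprofile()/datetime() are
// all expected from system/include.php.
$start = TRUE; include("system/include.php"); if ($checkauth) {
if ($userdata['level'] >= 1) {
// The numeric identifiers below are interpolated verbatim into SQL literals
// (WHERE id = '$id', LIMIT $offset,...). Coerce them to int up front so that only
// digits can ever reach a query, whatever the request supplied.
$id = isset($id) ? (int)$id : 0;
$aid = isset($aid) ? (int)$aid : 0;
$coid = isset($coid) ? (int)$coid : 0;
$offset = isset($offset) ? (int)$offset : 0;
if ($offset < 0) $offset = 0;
// Upload allow-list. The upload directory is web-served, so anything the web
// server would execute or honour (.php, .phtml, .htaccess, ...) must never land
// there. Assigned unconditionally on purpose: with register_globals a value that
// is merely "set if missing" could be supplied by the request itself.
$allowedUploadExtensions = array('gif', 'jpg', 'jpeg', 'png');
if (!$action) {
?>
<h1 id='comics'>Comics</h1>
<h2>add a new comic</h2>
<?php
loadsettings();
if ($settings['startstatus'] == 1) $status = "CHECKED";
$PAGE_SIZE = 20; //Set this to how many comics you want per page
if(!$offset) $offset = 0;
?>
<form enctype="multipart/form-data" method="post" action="comics.php">
<input type="hidden" name="action" value="post">
<!--MAX FILESIZE IS 750KB. CHANGE FOLLOWING LINE TO CHANGE THIS.-->
<!--This is a browser hint only; the real limit is PHP's upload_max_filesize/post_max_size.-->
<input type="hidden" name="MAX_FILE_SIZE" value="768000" />
<table>
<tr><td>author</td><td><?php echo $user; ?></td></tr>
<tr><td>comic title</td><td><input size=50 name='title' type='text'></td></tr>
<tr><td>comic</td><td><input name="userfile" size='50' type="file" /></td></tr>
<tr><td>post time</td><td><input size='19' name='posttime' value='0000-00-00 00:00:00' type='text'> (YYYY-MM-DD HH:mm:SS)</td></tr>
<tr><td>post in chapter</td><td><select name='chapter'>
<?php
$query = "SELECT * FROM ".$prefix."chapters ORDER BY cid";
$result = mysql_query($query);while($row=mysql_fetch_object($result)) {
echo "<option value='$row->cid'>$row->chapter";
} ?>
</select></td></tr>
<tr><td>enable comments</td><td><input type='checkbox' name='comments' CHECKED></td></tr>
<tr><td colspan='2'><input type='submit' value='Create Comic' /></td></tr>
</table>
</form>
<?php
//ARTICLE LINKS//
// Paginated list of visible comics (status = 1), newest first, with the number
// of articles and comments hanging off each one.
$result = mysql_query("SELECT * FROM ".$prefix."comics WHERE status = '1'");
$total = mysql_num_rows($result);
echo "<h2>active comics (".$total.")</h2>
<table>";
$query = "SELECT * FROM ".$prefix."comics WHERE status = '1' ORDER BY id DESC LIMIT $offset,$PAGE_SIZE";
$result = mysql_query($query);
if($offset > 0) {
	$n_offset = $offset - $PAGE_SIZE;
	if($n_offset < 0) $n_offset = 0;
	echo "<tr><td><a href='comics.php?offset=$n_offset'>Newer comics</a></tr></td>";
}
while($row=mysql_fetch_object($result)) {
	$resulta = mysql_query("SELECT * FROM ".$prefix."articles WHERE parentid = '$row->id'");
	$totala = mysql_num_rows($resulta);
	$resultc = mysql_query("SELECT * FROM ".$prefix."comments WHERE parentid = '$row->id'");
	$totalc = mysql_num_rows($resultc);
	echo "<tr><td><a class='comic' href='comics.php?action=edit&id=$row->id'>".$row->title."</a></td><td><a class='article' href='comics.php?action=artview&id=$row->id'>".$totala."</a></td><td><a class='comment' href='comics.php?action=comview&id=$row->id'>".$totalc."</a></td></tr>";
}
if($offset < $total - $PAGE_SIZE) {
	$n_offset = $offset + $PAGE_SIZE;
	// Clamp so the last page is always a full page (it may overlap the previous one).
	if($n_offset >= $total - $PAGE_SIZE) $n_offset = $total - $PAGE_SIZE;
	echo "<tr><td><a href='comics.php?offset=$n_offset'>Older comics</a></tr></td>";
}
if (!$total) {
echo "<tr><td>none</td></tr>";
}
echo "</table>";
// Hidden comics (status = 0) are listed in full, without pagination.
$result = mysql_query("SELECT * FROM ".$prefix."comics WHERE status = '0'");
$total = mysql_num_rows($result);
echo "<h2>hidden comics (".$total.")</h2><table>";
$result = mysql_query("SELECT * FROM ".$prefix."comics WHERE status = '0' ORDER BY id DESC");
while($row=mysql_fetch_object($result)) {
$resulta = mysql_query("SELECT * FROM ".$prefix."articles WHERE parentid = '".$row->id."'");
$totala = mysql_num_rows($resulta);
$resultc = mysql_query("SELECT * FROM ".$prefix."comments WHERE parentid = '".$row->id."'");
$totalc = mysql_num_rows($resultc);
echo "<tr><td><a class='comic' href='comics.php?action=edit&id=$row->id'>".debbcode($row->title)."</a></td><td><a class='article' href='comics.php?action=artview&id=$row->id'> ".$totala."</a></td><td><a class='comment' href='comics.php?action=comview&id=$row->id'>".$totalc."</a></td></tr>";
}
if (!$total) {
echo "<tr><td>none</td></tr>";
}
echo "</table>";
}
elseif ($action == "post") {
//CHECK FOR A FILE
if($_FILES['userfile']['name']=="") {
$noUpload = 1;
echo "No file was uploaded.";
}
else {
$noUpload = 0;
}
// Refuse anything outside the allow-list before it is moved into the web root.
if ($noUpload == 0) {
$uploadExt = strtolower(pathinfo($_FILES['userfile']['name'], PATHINFO_EXTENSION));
if (!in_array($uploadExt, $allowedUploadExtensions, true)) {
$noUpload = 1;
echo "<p>File type '".htmlspecialchars($uploadExt)."' is not allowed.</p>";
}
}
//UPLOAD A FILE
if($noUpload==0) {
$uploaddir = $uploadDirectory;
$dirurl = $directoryURL;
// basename() strips any directory part of the client-supplied name.
$url = $dirurl . basename($_FILES['userfile']['name']);
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);
echo '<p>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
}
else {
echo "Possible file upload attack!\n";
}
echo '</p>';
}
// NOTE(review): $title goes through cleanstring() only; whether that escapes for
// SQL/HTML is not visible here — confirm in system/include.php.
$title = debbcode($title);
$title = cleanstring($title);
if ($status) { $status = 1; } else { $status = 0; }
if ($comments) { $comments = 1; } else { $comments = 0; }
if (!$title && !$err) { echo $error[11]; $err = 1; }
if (!$url && !$err) { echo $error[11]; $err = 1; }
if (!$err) {
$timestamp = time();
if ( strtotime($posttime) )
{
$posttime_check = strtotime($posttime);
}
else
{
$posttime_check = NULL;
}
// Visibility is derived from the post time: a missing/unparseable/past time
// publishes now, a future time keeps the comic hidden until then. This
// overrides the $status value computed above.
if ( !$posttime_check || $posttime_check < $timestamp ) { $status = 1; }
else { $status = 0; }
// $url (built from the upload filename), $chapter and $posttime are not passed
// through cleanstring(), so escape them here; the numeric/boolean fields are ints.
$result = mysql_query("INSERT INTO ".$prefix."comics ( title, url, chapter, time, posttime, status, show_comments ) VALUES ( '$title', '".mysql_real_escape_string($url)."', '".mysql_real_escape_string($chapter)."', NOW(), '".mysql_real_escape_string($posttime)."', '$status', '$comments' )" );
echo "<meta http-equiv=Refresh content=0;URL='comics.php'>";
}
}
elseif ($action == "edit") {
$result = mysql_query("SELECT * FROM ".$prefix."comics WHERE id = '$id'");
while($row=mysql_fetch_object($result)) {
if ($row->status) $status = " CHECKED";
?>
<h1 id='articles'>Comics</h1>
<h2>edit comic</h2>
<form enctype="multipart/form-data" method="post" action="comics.php">
<input type="hidden" name="action" value="update">
<input type="hidden" name="id" value="<?php echo $id; ?>">
<input type="hidden" name="MAX_FILE_SIZE" value="768000" />
<table>
<!--NOTE(review): title is echoed as stored; whether cleanstring() already HTML-encodes it decides if htmlspecialchars() belongs here.-->
<tr><td>comic title</td><td><input size=50 name='title' type='text' value='<?php echo $row->title;?>'></td></tr>
<tr><td>comic</td><td><input name="userfile" size='50' type="file" /></td></tr>
<tr><td>post time</td><td><input size='19' name='posttime' type='text' value='<?php echo $row->posttime; ?>'> (YYYY-MM-DD HH:mm:SS)</td></tr>
<tr><td>current url</td><td><a href="<?php echo htmlspecialchars($row->url);?>"><?php echo htmlspecialchars($row->url);?></a></td></tr>
<tr><td>post in chapter</td><td><select name='chapter'>
<?php
$resultcat = mysql_query("SELECT * FROM ".$prefix."chapters ORDER BY cid");
while($rowc=mysql_fetch_object($resultcat)) {
if ($rowc->cid == $row->chapter) {
echo "<option value='$rowc->cid' SELECTED>$rowc->chapter";
}
else {
echo "<option value='$rowc->cid'>$rowc->chapter";
}
} ?>
</select></td></tr>
<!--NOTE(review): the checkbox is always CHECKED; it does not reflect $row->show_comments.-->
<tr><td>enable comments</td><td><input type='checkbox' name='comments' CHECKED></td></tr>
<tr><td>delete this comic</td><td><input type='checkbox' name='delete'></td></tr>
<tr><td colspan='2'><input type='submit' value='Save Changes' /></td></tr>
</table>
</form>
<?php
}
}
elseif ($action == "update") {
$id = $id;
if ($delete) {
$result = mysql_query("DELETE FROM ".$prefix."comics WHERE id = '$id'");
echo "<meta http-equiv=Refresh content=0;URL='comics.php'>";
$err = 1;
}
else {
//CHECK FOR A FILE
if($_FILES['userfile']['name']=="") {
$noUpload = 1;
// NOTE(review): no query populates $row in this branch, so this assignment
// yields nothing; the no-upload UPDATE below leaves url untouched anyway.
$url = $row->url;
echo "No file was uploaded.";
}
else {
$noUpload = 0;
}
// Same allow-list check as in the "post" action; a rejected file falls back to
// the no-upload path, which keeps the comic's existing url.
if ($noUpload == 0) {
$uploadExt = strtolower(pathinfo($_FILES['userfile']['name'], PATHINFO_EXTENSION));
if (!in_array($uploadExt, $allowedUploadExtensions, true)) {
$noUpload = 1;
echo "<p>File type '".htmlspecialchars($uploadExt)."' is not allowed.</p>";
}
}
$title = debbcode($title);
$title = cleanstring($title);
if ($status) { $status = 1; } else { $status = 0; }
if ($comments) { $comments = 1; } else { $comments = 0; }
if (!$title && !$err) { echo $error[11]; $err = 1; }
if (!$err) {
$timestamp = time();
if ( strtotime($posttime) )
{
$posttimecompare = strtotime($posttime);
}
else
{
$posttimecompare = NULL;
}
// Visibility follows the post time exactly as in the "post" action.
if ( !$posttimecompare || $posttimecompare < $timestamp ) { $status = 1; }
else { $status = 0; }
//UPLOAD A FILE
if($noUpload==0) {
$uploaddir = $uploadDirectory;
$dirurl = $directoryURL;
$url = $dirurl.basename($_FILES['userfile']['name']);
$uploadfile = $uploaddir.basename($_FILES['userfile']['name']);
echo '<p>';
if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
}
else {
echo "Possible file upload attack!\n";
}
echo '</p>';
$result = mysql_query("UPDATE ".$prefix."comics SET
title='$title',
url='".mysql_real_escape_string($url)."',
chapter='".mysql_real_escape_string($chapter)."',
status='$status',
posttime='".mysql_real_escape_string($posttime)."',
show_comments='$comments'
WHERE id = '$id'");
}
else if($noUpload == 1) {
$result = mysql_query("UPDATE ".$prefix."comics SET
title='$title',
chapter='".mysql_real_escape_string($chapter)."',
status='$status',
posttime='".mysql_real_escape_string($posttime)."',
show_comments='$comments'
WHERE id = '$id'");
}
echo "<meta http-equiv=Refresh content=0;URL='comics.php'>";
}
}
}
elseif ($action == "artview") {
?>
<h1 id='articles'>Articles</h1>
<h2>add a new article</h2>
<?php
loadsettings();
if ($settings['startstatus'] == 1)
$status = "CHECKED";
?>
<form enctype="multipart/form-data" method="post" action="comics.php">
<input type="hidden" name="action" value="artpost">
<input type="hidden" name="MAX_FILE_SIZE" value="768000" />
<input type="hidden" name="id" value="<?php echo $id;?>">
<table>
<tr><td>author</td><td><?php echo $user; ?></td></tr>
<tr><td>title</td><td><input size=50 name='title' type='text'></td></tr>
<tr><td>body</td><td><textarea name='body' rows=9 cols=50></textarea></td></tr>
<tr><td>article visible after posting</td><td><input type='checkbox' name='status' <?php echo $status;?>></td></tr>
<tr><td colspan='2'><input type='submit' value='Create Article' /></td></tr>
</table>
</form>
<?php
// Articles attached to comic $id: visible ones first, then hidden ones.
$result = mysql_query("SELECT * FROM ".$prefix."articles WHERE status = '1' AND parentid= '".$id."'");
$total = mysql_num_rows($result);
echo "<h2>active articles (".$total.")</h2>
<table>";
$result = mysql_query("SELECT * FROM ".$prefix."articles WHERE status = '1' AND parentid = '".$id."' ORDER BY aid DESC");
$parentid = $id;
while($row=mysql_fetch_object($result)) {
$resultc = mysql_query("SELECT * FROM ".$prefix."comments WHERE parentid = '".$row->aid."'");
$totalc = mysql_num_rows($resultc);
echo "<tr><td><a class='article' href='comics.php?action=artedit&aid=$row->aid'>".$row->title."</a></td><td class='user'>".$row->username."</td></tr>";
}
if (!$total) {
echo "<tr><td>none</td></tr>";
}
echo "</table>";
$result = mysql_query("SELECT * FROM ".$prefix."articles WHERE status = '0' AND parentid = '$parentid'");
$total = mysql_num_rows($result);
echo "<h2>hidden articles (".$total.")</h2><table>";
$result = mysql_query("SELECT * FROM ".$prefix."articles WHERE status = '0' AND parentid = '$parentid' ORDER BY aid DESC");
while($row=mysql_fetch_object($result)) {
$resultc = mysql_query("SELECT * FROM ".$prefix."comments WHERE parentid = '".$row->aid."'");
$totalc = mysql_num_rows($resultc);
echo "<tr><td><a class='article' href='comics.php?action=artedit&aid=$row->aid'>".debbcode($row->title)."</a></td><td><span class='user'>".$row->username."</span></td><td><a class='comment' href='comics.php?action=comview&aid=$row->aid'> ".$totalc."</a></td></tr>";
}
if (!$total) {
echo "<tr><td>none</td></tr>";
}
echo "</table>";
}
elseif ($action == "artpost") {
$title = debbcode($title);
$title = cleanstring($title);
$body = cleanstring($body);
// NOTE(review): only this action adds slashes on top of cleanstring(); the
// "artupdate" action below does not. One of the two is inconsistent — check
// what cleanstring() does before aligning them.
$body = addslashes($body);
if ($comments) { $comments = 1; } else { $comments = 0; }
if ($status) { $status = 1; } else { $status = 0; }
if (!$title && !$err) { echo $error[11]; $err = 1; }
if (!$body && !$err) { echo $error[12]; $err = 1; }
if (!$err) {
$result = mysql_query("INSERT INTO ".$prefix."articles (username,title,body,parentid,time,status) VALUES ('".$userdata['username']."','$title','$body','$id',NOW(),'$status')");
echo "<meta http-equiv=Refresh content=0;URL='comics.php'>";
}
}
elseif ($action == "artedit") {
$result = mysql_query("SELECT * FROM ".$prefix."articles WHERE aid = '$aid'");
while($row=mysql_fetch_object($result)) {
if ($row->status) $status = " CHECKED";
?>
<h1 id='articles'>Comics</h1>
<h2>edit article</h2>
<form enctype="multipart/form-data" method="post" action="comics.php">
<input type="hidden" name="action" value="artupdate">
<input type="hidden" name="MAX_FILE_SIZE" value="768000" />
<input type="hidden" name="aid" value="<?php echo $aid;?>">
<table>
<tr><td>author</td><td><?php echo $user;?></td></tr>
<tr><td>title</td><td><input size="50" name="title" type="text" value="<?php echo $row->title;?>"></td></tr>
<tr><td>body</td><td><textarea name="body" rows="9" cols="50"><?php echo $row->body;?></textarea></td></tr>
<tr><td>article visible after posting</td><td><input type="checkbox" name="status" <?php echo $status;?>></td></tr>
<tr><td>delete this article</td><td><input type="checkbox" name="delete"></td></tr>
<tr><td colspan='2'><input type='submit' value='Save Changes' /></td></tr>
</table>
</form>
<?php
}
}
elseif ($action == "artupdate") {
if ($delete) {
$result = mysql_query("DELETE FROM ".$prefix."articles WHERE aid = '$aid'");
echo "<meta http-equiv=Refresh content=0;URL='comics.php'>";
$err = 1;
}
else {
$title = debbcode($title);
$title = cleanstring($title);
$body = cleanstring($body);
if ($status) { $status = 1; } else { $status = 0; }
if (!$title && !$err) { echo $error[11]; $err = 1; }
if (!$body && !$err) { echo $error[12]; $err = 1; }
if (!$err) {
$result = mysql_query("UPDATE ".$prefix."articles SET
title='$title',
body='$body',
status='$status'
WHERE aid = '$aid'");
}
echo "<meta http-equiv=Refresh content=0;URL='comics.php'>";
}
}
elseif ($action == "comview") {
$result = mysql_query("SELECT * FROM ".$prefix."comments WHERE parentid = '".$id."'");
$total = mysql_num_rows($result);
echo "<h1 id='comments'>Comments</h1>
<h2>view comments ($total)</h2>";
$result = mysql_query("SELECT * FROM ".$prefix."comments WHERE parentid = '".$id."' ORDER BY coid");
while($row=mysql_fetch_object($result)) {
datetime($row->date);
datetime($row->time);
// NOTE(review): author, url, email and comment are echoed as stored. They
// originate from the public comment form, so this relies entirely on
// cleanstring() having HTML-encoded them on the way in — confirm.
echo "<h3><a href='$row->url'>$row->author</a></h3> ".$row->time." &mdash; <a href='mailto:$row->email'>$row->email</a>&mdash; $row->ip &mdash;<a href='comics.php?action=comedit&coid=$row->coid'>edit</a>";
echo "<p>$row->comment</p>";
}
// The "new comment" form is pre-filled with the profile of the logged-in user.
// NOTE(review): the textarea is seeded with the *last listed* comment's text
// ($row is left over from the loop above); this looks unintended.
echo "
<form method='post' action='comics.php'>
<input type='hidden' name='action' value='compost'>
<input type='hidden' name='id' value='$id'>
<table>
<tr><td>author</td><td><input size=50 name='author' type='text' value='".loadprofile($user,"nickname")."'></td></tr>
<tr><td>author email</td><td><input size=50 name='email' type='text' value='".loadprofile($user,"email")."'></td></tr>
<tr><td>author url</td><td><input size=50 name='url' type='text' value='".loadprofile($user,"url")."'></td></tr>
<tr><td>author comment</td><td><textarea name='comment' rows=9 cols=50>$row->comment</textarea></td></tr>
<tr><td colspan='2'><input type='submit' value='Post Comment' /></td></tr>
</table>
</form>";
}
elseif ($action == "comedit") {
echo "<h1 id='comments'>Comments</h1>
<h2>edit comment</h2>";
$result = mysql_query("SELECT * FROM ".$prefix."comments WHERE coid = '".$coid."'");
echo "
<form method='post' action='comics.php'>
<input type='hidden' name='action' value='comupdate'>
<input type='hidden' name='coid' value='$coid'>
<table>";
while($row=mysql_fetch_object($result)) {
echo "
<tr><td>author</td><td><input size=50 name='author' type='text' value='$row->author'></td></tr>
<tr><td>author email</td><td><input size=50 name='email' type='text' value='$row->email'></td></tr>
<tr><td>author url</td><td><input size=50 name='url' type='text' value='$row->url'></td></tr>
<tr><td>author comment</td><td><textarea name='comment' rows=9 cols=50>$row->comment</textarea></td></tr>
<tr><td>delete this post</td><td><input type='checkbox' name='delete' /></td></tr>
<tr><td colspan='2'><input type='submit' value='Save Changes' /></td></tr>";
}
echo "</table>
</form>";
}
elseif ($action == "comupdate") {
// Look up the parent comic first so the redirect below can return to its
// comment view.
$result = mysql_query("SELECT * FROM ".$prefix."comments WHERE coid = '$coid'");
while($row=mysql_fetch_object($result)) {
$id = $row->parentid;
}
if ($delete) {
$result = mysql_query("DELETE FROM ".$prefix."comments WHERE coid = '$coid'");
echo "<meta http-equiv=Refresh content=0;URL='comics.php?action=comview&id=$id'>";
$err = 1;
}
else {
$author = debbcode($author);
$author = cleanstring($author);
$email = debbcode($email);
$email = cleanstring($email);
$url = debbcode($url);
$url = cleanstring($url);
$comment = cleanstring($comment);
if (!$author && !$err) { echo $error[15]; $err = 1; }
if (!$comment && !$err) { echo $error[16]; $err = 1; }
if (!$err) {
$result = mysql_query("UPDATE ".$prefix."comments SET
author='$author',
email='$email',
url='$url',
comment='$comment'
WHERE coid = '$coid'");
echo "<meta http-equiv=Refresh content=0;URL='comics.php?action=comview&id=$id'>";
}
}
}
elseif ($action == "compost") {
$author = debbcode($author);
$author = cleanstring($author);
$email = debbcode($email);
$email = cleanstring($email);
$url = debbcode($url);
$url = cleanstring($url);
$comment = cleanstring($comment);
if (!$author && !$err) { echo $error[15]; $err = 1; }
if (!$comment && !$err) { echo $error[16]; $err = 1; }
if (!$err) {
		// Get the user's IP. REMOTE_ADDR is the TCP peer; behind a proxy this is
		// the proxy's address, not the visitor's.
		$ip = $_SERVER['REMOTE_ADDR'];
		$result = mysql_query("INSERT INTO ".$prefix."comments (parentid,author,email,url,comment,time,ip) VALUES ('$id','$author','$email','$url','$comment',NOW(),'$ip')");
echo "<meta http-equiv=Refresh content=0;URL='comics.php?action=comview&id=$id'>";
}
}
}
}
$start = FALSE; include("system/include.php"); ?>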
